SlideShare ist ein Scribd-Unternehmen logo

Walk Around Wireless Security Audits – The End Is Near!

AirTight Networks
AirTight Networks

Without a viable alternative, wireless security auditors had to conduct audits by traipsing around a facility with a handheld scanning device — a time consuming and labor intensive activity. That practice is plagued by many drawbacks that greatly limit the effectiveness and efficiency of wireless security audits. Even with expensive commercial products, handheld wireless audits are cumbersome and error-prone. The use of free scanning tools only exacerbates the problem. And the man-hours and travel expenses incurred per audit negatively impact productivity.

TechnologieBusiness
1 von 8
Downloaden Sie, um offline zu lesen
AIRTIGHT NETWORKS WHITEPAPER Walk Around Wireless Security Audits – The End Is Near! A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com © 2009 AirTight Networks, Inc. All rights reserved. 2008
AIRTIGHT NETWORKS WHITEPAPER Walk Around Wireless Security Audits – The End Is Near! Executive Summary Without a viable alternative, wireless security auditors had to conduct audits by traipsing around a facility with a handheld scanning device — a time consuming and labor intensive activity. That practice is plagued by many drawbacks that greatly limit the effectiveness and efficiency of wireless security audits. Even with expensive commercial products, handheld wireless audits are cumbersome and error-prone. The use of free scanning tools only exacerbates the problem. And the man-hours and travel expenses incurred per audit negatively impact productivity. This paper describes a new hosted service architecture offered by AirTight Networks that enables effortless, automated wireless security audits from anywhere on the Internet, anytime. No more “walk arounds.” Plug-and-play wireless scanners onsite scan round-the-clock without human intervention, and securely communicate with a central server hosted on the Internet in a secure data center. The central server analyzes the data with an up-to-date wireless vulnerability database and assesses the wireless security posture or compliance of a network. Rich vulnerability assessment and compliance reports can be generated on demand with just a mouse click. Now finally, auditors can do a large number of wireless security audits accurately and cost-effectively in very little time. AirTight Networks’ SpectraGuard® Online is the world’s first and only wireless vulnerability management offered as a hosted service. For wireless security auditors, SpectraGuard Online can bring: more revenue per customer; the ability to serve many more customers simultaneously; and low touch engagements. © 2009 AirTight Networks, Inc. All rights reserved. 2
AIRTIGHT NETWORKS WHITEPAPER Introduction Wireless security audits play a crucial role in the wireless vulnerability assessment of IT infrastructure and provide guidance on how organizations can meet regulatory wireless compliance requirements. Assessment of wireless vulnerabilities is challenging because of the dynamic nature of wireless environments. Auditors have to worry about not only the wireless devices in a network environment that is being audited, but also external wireless devices in the vicinity that can impact the susceptibility of the network in question to vulnerabilities and attacks. Wireless laptops, handhelds, and smartphones carried by business travelers can also get infected with vulnerabilities on the road; even organizations that may not have officially deployed a wireless LAN need to be aware of these threats. Unfortunately, wireless security auditors have been underserved by the available auditing tools and methods. Traditionally wireless security audits have been conducted as an onsite activity. The auditor must walk around with a handheld device sniffing over-the-air wireless data. This cumbersome technique with limited wireless vulnerability assessment capabilities makes wireless security audits ineffective and inefficient, and makes auditors less productive. AirTight Networks’ unique service that allows for wireless security audits as a hosted service removes the burden from the auditors and empowers them to deliver premium service to their customers and perform more audits efficiently. Web-based Wireless Security Audits as a Service Web-based wireless security auditing — a radical departure from the conventional onsite approach — leverages the Software as a Service (SaaS) model to offer wireless security audits online, on-demand. Auditors use plug-and-play wireless scanners to monitor the airspace. The scanners automatically connect to a centralized server over a secure connection. The server is powered with an up-to- date vulnerability database and is housed in a secure (SAS 70) datacenter. Auditors access the wireless security auditing portal through a Web browser; no special software is needed. © 2009 AirTight Networks, Inc. All rights reserved. 3
AIRTIGHT NETWORKS WHITEPAPER SpectraGuard Online Architecture SpectraGuard® Online AirTight Networks’ SpectraGuard Online is the world’s first and only service that offers wireless security audits as a monthly subscription-based service. Its benefits for the audit community are powerful: 1. Effortless, effective wireless security audits anywhere, anytime. SpectraGuard Online eliminates “walk arounds” with a handheld device. With the auditing service easily accessible via any Web browser, auditors can conduct a wireless security audit for any customer, anywhere in the world, at any time — they do not even have to leave the comfort of their own offices. Direct or VPN access to customer’s corporate network is not needed. Auditors do not have to own and maintain any hardware or software tools. With AirTight Networks’ pre-configured, plug-and-play wireless scanners continuously scanning the airspace, auditors can generate on-demand wireless vulnerability assessment and compliance reports, and recycle the wireless scanners among multiple sites of a customer or among multiple customers. If needed, multiple audits can be handled simultaneously via a single wireless security portal. The bottom line: auditors can increase their profitability by increasing efficiency — doing more audits in less time and serving customers worldwide without traveling. © 2009 AirTight Networks, Inc. All rights reserved. 4
AIRTIGHT NETWORKS WHITEPAPER 2. Four service offerings SpectraGuard Online offers four service modules to meet the varying needs of enterprises of different sizes and level of wireless deployment. Modules Services Basic Wireless Wireless Wireless Compliance Alerts IDS IPS Automated wireless scanning     Compliance report delivered by email monthly or quarterly     Real-time email alerts for Rogue AP detection and wireless intrusion -    Archiving of alerts for one year -    Access to wireless IDS console - -   24x7 full wireless monitoring - -   Troubleshooting and customizable unlimited reporting - -   24x7 full wireless intrusion prevention and automatic incident response - - -  RF heat maps - - -  Location tracking to physically locate and remove Rogue APs - - -  3. Confidence of a complete wireless vulnerability assessment The inadequacy of handheld scanning for vulnerability assessment leaves audited networks exposed to many common wireless threats and unaware of new vulnerabilities. Free scanning tools such as NetStumbler and Kismet primarily serve the purpose of capturing over-the-air packets, and report only very basic information such as SSID, encryption, and MAC addresses. Further, handheld scanners are not able to distinguish which wireless devices are connected to the wired corporate LAN. This combined with the lack of security policies renders these tools close to useless for alerting against common threats such as rogue APs, client misassociation, and honeypots, to name a few. In addition, most live wireless attacks go undetected during handheld scans. Auditors giving a clean bill of health to such networks run the risk of liability if a wireless security breach or leakage of classified information occurs. © 2009 AirTight Networks, Inc. All rights reserved. 5
AIRTIGHT NETWORKS WHITEPAPER With an up-to-date centralized vulnerability database and AirTight’s patented wireless vulnerability management technology, SpectraGuard Online can automatically detect all known wireless vulnerabilities and attacks. These include client-side vulnerabilities (e.g., clients infected by viral SSIDs or probing for vulnerable SSIDs) that occur when business travelers use their laptops and phones for wireless access on the road. 4. Automated management of wireless security policies Security policies form the basis of any security audit. With little or no support for defining and managing wireless security policies built into most handheld scanning tools, auditors face a daunting task of manually classifying wireless devices, analyzing captured data, and assessing vulnerabilities. With SpectraGuard Online users can easily define and manage wireless security policies. AirTight Networks’ patented autoclassification technology allows quick, accurate classification of access points and clients as authorized and unauthorized including information about their connectivity, e.g., to wired corporate LAN, ad- hoc networks. 5. Professional, pre-defined wireless security audit reports Auditors often complain that communicating to each network administrator which vulnerabilities are critical and need to be fixed is challenging. SpectraGuard Online eliminates this problem by offering pre-defined reports that classify detected wireless vulnerabilities into severity levels. This helps prioritize which vulnerabilities need to be fixed first. Advice for fixing the vulnerability (manually or automatically) is given. Reports can be generated for a moment in time or a period; reports over different time periods can be used to audit the trends in the wireless security posture of a network. Depending on the goal, an auditor can generate a wireless vulnerability assessment report or a regulatory compliance report (e.g., PCI, GLBA, SOX). In a compliance report, each vulnerability is mapped to a specific requirement from the respective compliance legislation. 6. Accurate, instant location tracking Most handheld scanning tools force auditors to locate wireless devices based on a trial-and-error method. The auditor has to walk around the facility and monitor the change in signal strength; the idea is to walk in a direction where signal strength increases eventually leading the auditor to the device of interest. This method can take several minutes to several hours before the device can be located, if at all. Some tools support GPS which is useless for indoor location tracking. © 2009 AirTight Networks, Inc. All rights reserved. 6
AIRTIGHT NETWORKS WHITEPAPER With multiple scanners monitoring the airspace, SpectraGuard Online can instantly and accurately locate wireless devices in the vicinity. This is critical for quickly finding vulnerable or malicious devices. 7. Future-proof system Scanning tools—free and commercial—do not guarantee an up-to-date security audit against new or emerging vulnerabilities and exploits, and newer technologies (e.g., 802.11n). Auditors have to wait for the next software patch or version upgrade. The SpectraGuard Online centralized wireless vulnerability database is continually updated, allowing auditors to offer the world’s first and only zero-day wireless threat auditing capability to their customers. 8. Integrate audit reports from multiple distributed sites Customers with multiple WLAN deployments—some at worldwide locations— often demand integrated wireless security audit reports for their company. With handheld scanning, this has to be handled by auditors manually as a separate task. With AirTight Networks’ patented location-based policy management technology, SpectraGuard Online can naturally integrate wireless security audits at multiple sites worldwide and organize the results into a single audit report, without any effort for the auditor. 9. Customizable wireless security audits to suit your customer’s needs Naturally depending on the type of business, organizations are exposed to different types of wireless vulnerabilities and have different requirements both internal and regulatory for managing wireless security. Unlike the one-size-fits-all handheld scanning, SpectraGuard Online allows auditors to customize wireless security audits to meet the specific needs of their customers. Walk-around Scanning vs. SpectraGuard Online: Cost Comparison While enabling effortless PCI wireless scanning and compliance, the total cost of ownership for SpectraGuard Online is radically less expensive than walk-around scanning using any wireless analyzer especially for large enterprises with hundreds or even thousands of sites across the globe. The pricing starts as low as $20 per month per location. © 2009 AirTight Networks, Inc. All rights reserved. 7
AIRTIGHT NETWORKS WHITEPAPER Walk Around Wireless Security Audits – The End Is Near! ABOUT 5 Cost of PCI Compliance AIRTIGHT NETWORKS (Million $) Wireless analyzer AirTight Networks is the global 4 leader in wireless security and compliance solutions providing 3 customers best-of-breed technology to automatically 2 detect, classify, locate and block all current and emerging 1 wireless threats. AirTight offers SpectraGuard Online both the industry’s leading 0.5 wireless intrusion prevention system (WIPS) and the world’s 500 1000 2000 3000 5000 first wireless vulnerability Number of sites management (WVM) security- as-a-service (SaaS). AirTight’s Estimated one year expense for PCI wireless scanning. For SpectraGuard Online and on-site WIPS, one wireless sensor per loca- award-winning solutions are tion is assumed. Cost for scanning with a wireless analyzer includes logistics cost such as travel and lodging. used by customers globally in the financial, government, retail, manufacturing, transportation, education, healthcare, telecom, Summary and technology industries. AirTight owns the seminal patents SpectraGuard Online is a breakthrough solution that offers wireless security for wireless intrusion prevention audits as a hosted service. It facilitates cost-effective, unattended, non-intrusive, technology with 11 U.S. patents and accurate assessment of wireless vulnerabilities. Wireless security auditors and two international patents are relieved of the drudgery and become more efficient and productive, while granted (UK and Australia), and more than 20 additional patents delivering premium service to their customers. With geographical and time pending. AirTight Networks is a boundaries on wireless security audits removed, auditors can expand their privately held company based services to worldwide locations and simultaneously serve more customers without in Mountain View, CA. For more breaking a sweat. information please visit www.airtightnetworks.com The Global Leader in Wireless Security Solutions AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com © 2009 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.

Empfohlen

AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise Security
AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
AirTight Networks
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
AirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP Exploit
AirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise Thyself
AirTight Networks
 
Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?
AirTight Networks
 

Empfohlen

AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise Security
AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
AirTight Networks
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
AirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP Exploit
AirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise Thyself
AirTight Networks
 
Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?
AirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
AirTight Networks
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
AirTight Networks
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi Scan
AirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
AirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight Networks
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
AirTight Networks
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
AirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
AirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
AirTight Networks
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQs
AirTight Networks
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
AirTight Networks
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
AirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
AirTight Networks
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
AirTight Networks
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
AirTight Networks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
AirTight Networks
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan Analysis
AirTight Networks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (9)

Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi Scan
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
 

Mehr von AirTight Networks

When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
AirTight Networks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
AirTight Networks
 

Mehr von AirTight Networks (11)

AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQs
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan Analysis
 

Kürzlich hochgeladen

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Kürzlich hochgeladen (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Walk Around Wireless Security Audits – The End Is Near!

  • 1. AIRTIGHT NETWORKS WHITEPAPER Walk Around Wireless Security Audits – The End Is Near! A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com © 2009 AirTight Networks, Inc. All rights reserved. 2008
  • 2. AIRTIGHT NETWORKS WHITEPAPER Walk Around Wireless Security Audits – The End Is Near! Executive Summary Without a viable alternative, wireless security auditors had to conduct audits by traipsing around a facility with a handheld scanning device — a time consuming and labor intensive activity. That practice is plagued by many drawbacks that greatly limit the effectiveness and efficiency of wireless security audits. Even with expensive commercial products, handheld wireless audits are cumbersome and error-prone. The use of free scanning tools only exacerbates the problem. And the man-hours and travel expenses incurred per audit negatively impact productivity. This paper describes a new hosted service architecture offered by AirTight Networks that enables effortless, automated wireless security audits from anywhere on the Internet, anytime. No more “walk arounds.” Plug-and-play wireless scanners onsite scan round-the-clock without human intervention, and securely communicate with a central server hosted on the Internet in a secure data center. The central server analyzes the data with an up-to-date wireless vulnerability database and assesses the wireless security posture or compliance of a network. Rich vulnerability assessment and compliance reports can be generated on demand with just a mouse click. Now finally, auditors can do a large number of wireless security audits accurately and cost-effectively in very little time. AirTight Networks’ SpectraGuard® Online is the world’s first and only wireless vulnerability management offered as a hosted service. For wireless security auditors, SpectraGuard Online can bring: more revenue per customer; the ability to serve many more customers simultaneously; and low touch engagements. © 2009 AirTight Networks, Inc. All rights reserved. 2
  • 3. AIRTIGHT NETWORKS WHITEPAPER Introduction Wireless security audits play a crucial role in the wireless vulnerability assessment of IT infrastructure and provide guidance on how organizations can meet regulatory wireless compliance requirements. Assessment of wireless vulnerabilities is challenging because of the dynamic nature of wireless environments. Auditors have to worry about not only the wireless devices in a network environment that is being audited, but also external wireless devices in the vicinity that can impact the susceptibility of the network in question to vulnerabilities and attacks. Wireless laptops, handhelds, and smartphones carried by business travelers can also get infected with vulnerabilities on the road; even organizations that may not have officially deployed a wireless LAN need to be aware of these threats. Unfortunately, wireless security auditors have been underserved by the available auditing tools and methods. Traditionally wireless security audits have been conducted as an onsite activity. The auditor must walk around with a handheld device sniffing over-the-air wireless data. This cumbersome technique with limited wireless vulnerability assessment capabilities makes wireless security audits ineffective and inefficient, and makes auditors less productive. AirTight Networks’ unique service that allows for wireless security audits as a hosted service removes the burden from the auditors and empowers them to deliver premium service to their customers and perform more audits efficiently. Web-based Wireless Security Audits as a Service Web-based wireless security auditing — a radical departure from the conventional onsite approach — leverages the Software as a Service (SaaS) model to offer wireless security audits online, on-demand. Auditors use plug-and-play wireless scanners to monitor the airspace. The scanners automatically connect to a centralized server over a secure connection. The server is powered with an up-to- date vulnerability database and is housed in a secure (SAS 70) datacenter. Auditors access the wireless security auditing portal through a Web browser; no special software is needed. © 2009 AirTight Networks, Inc. All rights reserved. 3
  • 4. AIRTIGHT NETWORKS WHITEPAPER SpectraGuard Online Architecture SpectraGuard® Online AirTight Networks’ SpectraGuard Online is the world’s first and only service that offers wireless security audits as a monthly subscription-based service. Its benefits for the audit community are powerful: 1. Effortless, effective wireless security audits anywhere, anytime. SpectraGuard Online eliminates “walk arounds” with a handheld device. With the auditing service easily accessible via any Web browser, auditors can conduct a wireless security audit for any customer, anywhere in the world, at any time — they do not even have to leave the comfort of their own offices. Direct or VPN access to customer’s corporate network is not needed. Auditors do not have to own and maintain any hardware or software tools. With AirTight Networks’ pre-configured, plug-and-play wireless scanners continuously scanning the airspace, auditors can generate on-demand wireless vulnerability assessment and compliance reports, and recycle the wireless scanners among multiple sites of a customer or among multiple customers. If needed, multiple audits can be handled simultaneously via a single wireless security portal. The bottom line: auditors can increase their profitability by increasing efficiency — doing more audits in less time and serving customers worldwide without traveling. © 2009 AirTight Networks, Inc. All rights reserved. 4
  • 5. AIRTIGHT NETWORKS WHITEPAPER 2. Four service offerings SpectraGuard Online offers four service modules to meet the varying needs of enterprises of different sizes and level of wireless deployment. Modules Services Basic Wireless Wireless Wireless Compliance Alerts IDS IPS Automated wireless scanning     Compliance report delivered by email monthly or quarterly     Real-time email alerts for Rogue AP detection and wireless intrusion -    Archiving of alerts for one year -    Access to wireless IDS console - -   24x7 full wireless monitoring - -   Troubleshooting and customizable unlimited reporting - -   24x7 full wireless intrusion prevention and automatic incident response - - -  RF heat maps - - -  Location tracking to physically locate and remove Rogue APs - - -  3. Confidence of a complete wireless vulnerability assessment The inadequacy of handheld scanning for vulnerability assessment leaves audited networks exposed to many common wireless threats and unaware of new vulnerabilities. Free scanning tools such as NetStumbler and Kismet primarily serve the purpose of capturing over-the-air packets, and report only very basic information such as SSID, encryption, and MAC addresses. Further, handheld scanners are not able to distinguish which wireless devices are connected to the wired corporate LAN. This combined with the lack of security policies renders these tools close to useless for alerting against common threats such as rogue APs, client misassociation, and honeypots, to name a few. In addition, most live wireless attacks go undetected during handheld scans. Auditors giving a clean bill of health to such networks run the risk of liability if a wireless security breach or leakage of classified information occurs. © 2009 AirTight Networks, Inc. All rights reserved. 5
  • 6. AIRTIGHT NETWORKS WHITEPAPER With an up-to-date centralized vulnerability database and AirTight’s patented wireless vulnerability management technology, SpectraGuard Online can automatically detect all known wireless vulnerabilities and attacks. These include client-side vulnerabilities (e.g., clients infected by viral SSIDs or probing for vulnerable SSIDs) that occur when business travelers use their laptops and phones for wireless access on the road. 4. Automated management of wireless security policies Security policies form the basis of any security audit. With little or no support for defining and managing wireless security policies built into most handheld scanning tools, auditors face a daunting task of manually classifying wireless devices, analyzing captured data, and assessing vulnerabilities. With SpectraGuard Online users can easily define and manage wireless security policies. AirTight Networks’ patented autoclassification technology allows quick, accurate classification of access points and clients as authorized and unauthorized including information about their connectivity, e.g., to wired corporate LAN, ad- hoc networks. 5. Professional, pre-defined wireless security audit reports Auditors often complain that communicating to each network administrator which vulnerabilities are critical and need to be fixed is challenging. SpectraGuard Online eliminates this problem by offering pre-defined reports that classify detected wireless vulnerabilities into severity levels. This helps prioritize which vulnerabilities need to be fixed first. Advice for fixing the vulnerability (manually or automatically) is given. Reports can be generated for a moment in time or a period; reports over different time periods can be used to audit the trends in the wireless security posture of a network. Depending on the goal, an auditor can generate a wireless vulnerability assessment report or a regulatory compliance report (e.g., PCI, GLBA, SOX). In a compliance report, each vulnerability is mapped to a specific requirement from the respective compliance legislation. 6. Accurate, instant location tracking Most handheld scanning tools force auditors to locate wireless devices based on a trial-and-error method. The auditor has to walk around the facility and monitor the change in signal strength; the idea is to walk in a direction where signal strength increases eventually leading the auditor to the device of interest. This method can take several minutes to several hours before the device can be located, if at all. Some tools support GPS which is useless for indoor location tracking. © 2009 AirTight Networks, Inc. All rights reserved. 6
  • 7. AIRTIGHT NETWORKS WHITEPAPER With multiple scanners monitoring the airspace, SpectraGuard Online can instantly and accurately locate wireless devices in the vicinity. This is critical for quickly finding vulnerable or malicious devices. 7. Future-proof system Scanning tools—free and commercial—do not guarantee an up-to-date security audit against new or emerging vulnerabilities and exploits, and newer technologies (e.g., 802.11n). Auditors have to wait for the next software patch or version upgrade. The SpectraGuard Online centralized wireless vulnerability database is continually updated, allowing auditors to offer the world’s first and only zero-day wireless threat auditing capability to their customers. 8. Integrate audit reports from multiple distributed sites Customers with multiple WLAN deployments—some at worldwide locations— often demand integrated wireless security audit reports for their company. With handheld scanning, this has to be handled by auditors manually as a separate task. With AirTight Networks’ patented location-based policy management technology, SpectraGuard Online can naturally integrate wireless security audits at multiple sites worldwide and organize the results into a single audit report, without any effort for the auditor. 9. Customizable wireless security audits to suit your customer’s needs Naturally depending on the type of business, organizations are exposed to different types of wireless vulnerabilities and have different requirements both internal and regulatory for managing wireless security. Unlike the one-size-fits-all handheld scanning, SpectraGuard Online allows auditors to customize wireless security audits to meet the specific needs of their customers. Walk-around Scanning vs. SpectraGuard Online: Cost Comparison While enabling effortless PCI wireless scanning and compliance, the total cost of ownership for SpectraGuard Online is radically less expensive than walk-around scanning using any wireless analyzer especially for large enterprises with hundreds or even thousands of sites across the globe. The pricing starts as low as $20 per month per location. © 2009 AirTight Networks, Inc. All rights reserved. 7
  • 8. AIRTIGHT NETWORKS WHITEPAPER Walk Around Wireless Security Audits – The End Is Near! ABOUT 5 Cost of PCI Compliance AIRTIGHT NETWORKS (Million $) Wireless analyzer AirTight Networks is the global 4 leader in wireless security and compliance solutions providing 3 customers best-of-breed technology to automatically 2 detect, classify, locate and block all current and emerging 1 wireless threats. AirTight offers SpectraGuard Online both the industry’s leading 0.5 wireless intrusion prevention system (WIPS) and the world’s 500 1000 2000 3000 5000 first wireless vulnerability Number of sites management (WVM) security- as-a-service (SaaS). AirTight’s Estimated one year expense for PCI wireless scanning. For SpectraGuard Online and on-site WIPS, one wireless sensor per loca- award-winning solutions are tion is assumed. Cost for scanning with a wireless analyzer includes logistics cost such as travel and lodging. used by customers globally in the financial, government, retail, manufacturing, transportation, education, healthcare, telecom, Summary and technology industries. AirTight owns the seminal patents SpectraGuard Online is a breakthrough solution that offers wireless security for wireless intrusion prevention audits as a hosted service. It facilitates cost-effective, unattended, non-intrusive, technology with 11 U.S. patents and accurate assessment of wireless vulnerabilities. Wireless security auditors and two international patents are relieved of the drudgery and become more efficient and productive, while granted (UK and Australia), and more than 20 additional patents delivering premium service to their customers. With geographical and time pending. AirTight Networks is a boundaries on wireless security audits removed, auditors can expand their privately held company based services to worldwide locations and simultaneously serve more customers without in Mountain View, CA. For more breaking a sweat. information please visit www.airtightnetworks.com The Global Leader in Wireless Security Solutions AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com © 2009 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.